Not particularly severe for various reasons:
- I'm not sure if you ship with syslogging enabled by default
- Even if you did, it might not be exploitable
- And you don't listen on the snmp network port by default anyway.

Still, if we look at ucd-snmp-4.1.2/snmplib/snmp_logging.c, snmp_log_string():

    ...
    #if HAVE_SYSLOG_H
      if (do_syslogging) {
        syslog(priority, string);
      }
    #endif
    ...

That syslog() call is missing "%s" as a second argument. Classic format string bug. Probably best to patch for the next release, but I doubt it warrants an update unless you _do_ enable syslogging by default. Check it out and update this bug if syslogging is enabled by default.
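As an added illustration (not code from the bug report or from ucd-snmp), the defect above reduced to a form that can be checked: the message is routed through vsnprintf as a stand-in for syslog, whose output cannot be captured, and the function names are hypothetical. The only directive that is well-defined without arguments is "%%", so the sample uses that to show the message being altered on the unsafe path and logged verbatim on the fixed one.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Mirrors the defect in snmp_log_string(): the message itself is handed
 * down as the format argument, so any '%' in it is parsed as a directive. */
static int log_string_unsafe(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap); /* fmt is caller-supplied data */
    va_end(ap);
    return n;
}

/* The fix: a constant format string, with the message as a "%s" argument. */
static int log_string_safe(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, "%s", msg);
}

/* Hardened form of the actual ucd-snmp call (hypothetical name). */
static void snmp_syslog_safe(int priority, const char *msg)
{
    syslog(priority, "%s", msg);
}

/* Review helper: 1 if the message contains a '%' and would therefore be
 * reinterpreted if it were ever used as a format string. */
static int contains_format_directive(const char *msg)
{
    return strchr(msg, '%') != NULL;
}

/* Format msg through the chosen path; 1 = comes out verbatim, 0 = altered. */
static int message_survives(int use_fix, const char *msg)
{
    char out[256];
    if (use_fix)
        log_string_safe(out, sizeof out, msg);
    else
        log_string_unsafe(out, sizeof out, msg);
    return strcmp(out, msg) == 0;
}

int main(void)
{
    /* Constructed sample: a benign message that happens to contain '%'. */
    const char *msg = "disk usage at 100%% of threshold";
    printf("unsafe path verbatim: %d\n", message_survives(0, msg)); /* 0 */
    printf("safe path verbatim:   %d\n", message_survives(1, msg)); /* 1 */
    snmp_syslog_safe(LOG_DEBUG, msg);
    return 0;
}
```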
I think this is serious, even if default config is not exploitable.
Fixed in ucd-snmp-4.1.2-9.